The present invention relates, in general, to network technology and, more particularly, to a technique for preventing leakage of information that can occur during acquisition of information over a network.
Recently, with the progress in network infrastructure and computer technology, more and more personal computers, work stations and server computers have become interconnected to share information. To achieve information sharing, typically, a client computer such as a personal computer (referred to simply as a client hereinafter) issues a request for information to a web server that has information accumulated therein. In response to the request, the web server sends the information corresponding to the request to the client, and the client can acquire the information it requested.
The request sent from the client to the server contains a value that specifies a numerical data set or a keyword, and the server refers to the value and issues a query to a database, or the like, thereby extracting information from the database. That is, according to the conventional information search method, information on what the client is currently interested in will be disclosed to the server.
In the case of a trusted web server, the conventional information search method is not significantly problematic. Even in the case of a trusted web server, however, a searching entity such as an individual and a company needs to inform the web server of what information the searching entity is currently interested in.
With the progress in browsing technology, the so-called mashup system, such as Web 2.0, has become popular. By concentrating information managed by a plurality of web servers onto a single information processing apparatus, information accessibility is improved. The mashup system comprises a client, a mashup server and a plurality of information servers.
The mashup server may be installed at the premises of a company or may be a web server dedicated for the mashup processing provided on the Internet by an Internet service provider (ISP). Each information server, provided by an ISP, or the like, searches a database managed by it for information corresponding to the request from the client, and sends the information to the mashup server. The mashup server appropriately distributes the acquired information so that the information acquired from the plurality of information servers is displayed on the client via a browser program, or the like.
In the mashup system, a plurality of information servers, which correspond to various kinds of information requested by the client, receive the request issued by the client. The request, for example, comprises a structure query language (SQL) statement containing a search word or conditional formula used to search for information to be acquired. Each information server acquires information corresponding to the request by extracting the search condition from the received request and searching the database managed by it. Here, a problem arises in that all the information servers to which the client connects are not always trustworthy. Furthermore, even on a trusted information server, the purpose of the search by the client may be implicitly uncovered through data mining and request tendency analysis during log analysis in the information server, from the contents of the request sent to the information server.
Thus, as this network technology becomes more popular and the information accumulated on networks becomes more value-added, a problem of “gentle information leakage” occurs in information search protocols. The term “gentle information leakage,” as used herein, refers to leakage of the intention or purpose of a search conducted by a group on a network as a result of statistical analysis of network accesses from the group by an information server.